Adjust lesson template (#704)

* Remove method `getId()` from all lessons as it defaults to the class name * remove clean up endpoint * remove unused class `RequestParameter` * remove unused class `PluginLoadingFailure` * Move `CourseConfiguration` to lesson package * Add more content around the lesson template lesson and make it visible as a lesson in WebGoat * Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult` * Put original solution back as well for SQL string injection * review comments * Add
2019-11-17 13:39:56 +01:00
parent f40b6ffd31
commit 5dd6b31905
139 changed files with 769 additions and 870 deletions
--- a/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserialization.java
+++ b/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserialization.java
@ -44,9 +44,4 @@ public class InsecureDeserialization extends Lesson {
    public String getTitle() {
        return "insecure-deserialization.title";
    }
-
-    @Override
-    public String getId() {
-        return "InsecureDeserialization";
-    }
 }
--- a/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java
+++ b/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java
@ -56,26 +56,26 @@ public class InsecureDeserializationTask extends AssignmentEndpoint {
            Object o = ois.readObject();
            if (!(o instanceof VulnerableTaskHolder)) {
                if (o instanceof String) {
-                    return trackProgress(failed().feedback("insecure-deserialization.stringobject").build());
+                    return failed(this).feedback("insecure-deserialization.stringobject").build();
                }
-                return trackProgress(failed().feedback("insecure-deserialization.wrongobject").build());
+                return failed(this).feedback("insecure-deserialization.wrongobject").build();
            }
            after = System.currentTimeMillis();
        } catch (InvalidClassException e) {
-            return trackProgress(failed().feedback("insecure-deserialization.invalidversion").build());
+            return failed(this).feedback("insecure-deserialization.invalidversion").build();
        } catch (IllegalArgumentException e) {
-            return trackProgress(failed().feedback("insecure-deserialization.expired").build());
+            return failed(this).feedback("insecure-deserialization.expired").build();
        } catch (Exception e) {
-            return trackProgress(failed().feedback("insecure-deserialization.invalidversion").build());
+            return failed(this).feedback("insecure-deserialization.invalidversion").build();
        }

        delay = (int) (after - before);
        if (delay > 7000) {
-            return trackProgress(failed().build());
+            return failed(this).build();
        }
        if (delay < 3000) {
-            return trackProgress(failed().build());
+            return failed(this).build();
        }
-        return trackProgress(success().build());
+        return success(this).build();
    }
 }
--- a/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java
+++ b/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java
@ -28,7 +28,6 @@ public class DeserializeTest extends AssignmentEndpointTest {
        InsecureDeserializationTask insecureTask = new InsecureDeserializationTask();
        init(insecureTask);
        this.mockMvc = standaloneSetup(insecureTask).build();
-        when(webSession.getCurrentLesson()).thenReturn(new InsecureDeserialization());
    }

    @Test